PT-2014-6110 · Ibm · Ibm Websphere Commerce

Published

2014-11-05

Updated

2019-09-30

CVE-2014-4769

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Commerce versions 6.x through 6.0.0.11 IBM WebSphere Commerce versions 7.x through 7.0.0.8

Description The issue allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For IBM WebSphere Commerce versions 6.x through 6.0.0.11, update to a version later than 6.0.0.11 to resolve the issue. For IBM WebSphere Commerce versions 7.x through 7.0.0.8, update to a version later than 7.0.0.8 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2014-4769

Affected Products

Ibm Websphere Commerce

PT-2014-6110 · Ibm · Ibm Websphere Commerce

CVE-2014-4769

Related Identifiers

Affected Products

References · 6